Comment Spam

It seems the auto-spammers have hit WP. They use programs like “Link Dump” to directly hit the wp-comments-post.php directly.
Many of my hosting clients are getting hit with over 3-4000+ pieces of comment spam a day – – including my own blog.
The moderation for spam is nice, including the filter list – however, when you’re getting that many spam hits in a day – you still get the emails and you still have to go in and delete the comments out of the queue — which is frustrating and timely.
The trick is to stop them from sending the spam in the first place:
Change the name of your wp-comments-post.php to something else – – I changed mine to something like: stopspam-post.php.
Then in your wp-comments.php template — look for this code:<form action="<?php echo $siteurl; ?>/wp-comments-post.php" method="post" id="commentform">
And change the wp-commens-post.php to the file that you renamed it to.
For example, since I renamed my wp-comments-post.php to stopspam-post.php — that line in the wp-comments.php now looks like this:<form action="<?php echo $siteurl; ?>/stopspam-post.php" method="post" id="commentform">
On a day that I was getting hit with over 4000 spam hits, the very minute I did this – it stopped and they haven’t returned. It doesn’t stop the one time spammer who actually clicks your comments link and manually enters their spam – – but those guys are easier to maintain than these autospammers.

Oh no! My reply just hit the ether.
I’m obviously new to this stuff, and thot there was something needful with “sapm”. I see now it doesn’t.
In going thru all my files, i see that wp-comments-post.php is called in a couple of other files:
wp-comments-popup.php
wp-comments-reply.php
Should the file name be changed there too?

You can change the line in wp-popup-comments.php if you use popup comments. I don’t use popup comments, so I didn’t include that . . but should have.
I did not change it in wp-comments-reply.php — haven’t had any issues with that at all. Not sure what that file does, but I would imagine it should be changed there too. 🙂

I love to read from someone who actually searched for a solution prior to post a request. Good example.
I’m also touched by comment spam since a few days. Nothing too ugly so far.
But I might create a comment form with security images included. You know, those images with digits you have to enter to be able to proceed with the form. That should stop most if not all of the automated spam. From the documentation I’ve read it isn’t THAT complicated to implement. I’ll work on that in the next weeks. I’m pretty sure everyone prefers that type of solution rather than to have everyone to register.

I did the rename described here – just renamed it to something else. (perhaps the spammers are reading support and adapted to ‘stopspam-post.php’ – just a guess). Since doing the rename process described here, no spam has come through. It would seem that if everyone picks some random ‘rename’ of the files/script parts – then the spammers cannot adapt to all. Of course, if someone wants to zap a specific site, they can see what to adapt to within the script. So, I’m going to try and implement some of the other ‘comment spam’ fixes, too.

I too renamed mine to something completely unrelated to anything and I am still getting this spam, is there a way to just dump the comments instead of moderateing them? The innocous comment with less than 2 links seems to work just fine, I haven’t had a real commetn get moderated yet. At this point I would just prefer a delete all button or toss them into the dumper. When your getting 15 a day it is still a pain to go in and click delete on each of them.
Thanks

There is a lot of work going into spam management for the next release, but we all have to understand that this is a Cold War…as hard as we work to counteract their efforts, the spammers are equal to the task in looking for methods to circumvent everything we throw at them.
Your only guaranteed method to stop this is to turn of your comments totally, or don’t have a blog that is open to the internet.